Access control: expose permissions to the frontend (#32954)

* Expose user permissions to the frontend * Do not include empty scope * Extend ContextSrv with hasPermission() method * Add access control types * Fix type error (make permissions optional) * Fallback if access control disabled * Move UserPermission to types * Simplify hasPermission()
2025-02-25 18:55:37 -06:00 · 2021-04-16 16:02:16 +03:00
parent 6ae73eaa22
commit 8b843eb0a6
8 changed files with 101 additions and 16 deletions
--- a/pkg/services/accesscontrol/accesscontrol.go
+++ b/pkg/services/accesscontrol/accesscontrol.go
@@ -16,3 +16,22 @@ type AccessControl interface {
 	// Middleware checks if service disabled or not to switch to fallback authorization.
 	IsDisabled() bool
 }
+
+func BuildPermissionsMap(permissions []*Permission) map[string]map[string]string {
+	permissionsMap := make(map[string]map[string]string)
+	for _, p := range permissions {
+		if item, ok := permissionsMap[p.Action]; ok {
+			if _, ok := item[p.Scope]; !ok && p.Scope != "" {
+				permissionsMap[p.Action][p.Scope] = p.Scope
+			}
+		} else {
+			newItem := make(map[string]string)
+			if p.Scope != "" {
+				newItem[p.Scope] = p.Scope
+			}
+			permissionsMap[p.Action] = newItem
+		}
+	}
+
+	return permissionsMap
+}